sakjai

Associated identities for items (Preview)

Background

Currently, many items rely on the item’s owner identity for accessing connections and certain features (like delegated mode in SQL endpoint) specific to the item. If the owner leaves the organization or their credentials expire, items can become partially or fully non-functional.

We’ve heard from many of you that the current remediation path (like taking over an item in the UI) helps in the moment, but it doesn’t solve the underlying problem: enterprise items shouldn’t depend on a user principal to keep working. Removing that dependency eliminates the risk when people change roles or leave.

You can now associate an identity (user, service principal, or managed identity) with certain Fabric items so that the item does not depend on its creator or owner (Preview). This is a limited-scope preview for Fabric Lakehouses and Eventstreams.

What’s new: associate an identity with an item

To remove the dependency on the owner’s user principal, you can associate an identity (an existing Microsoft Entra identity, service principal, or managed identity) with select Fabric items via a REST API. Identity updates can now be made through the API instead of relying solely on manual, one-at-a-time remediation in the UI.

In this initial release, items in scope can use the associated identity for the same kinds of operations that historically depended on the item owner.

In scope for this release

  • Lakehouse
  • Eventstream (excluding Eventstreams that use Azure Events or Fabric Events as a source)

Getting started

Update an item’s identity

If an item is currently associated with a user principal, you can update it to an identity such as a service principal or managed identity.

Use the following API to associate the identity:

POST https://api.fabric.microsoft.com/v1/workspaces/{workspaceId}/items/{id}/identities/default/assign?beta=true

Prerequisite: the calling identity must have Write permissions on the item (and any dependent/child items impacted by the operation).

View an item’s associated identity

You can view the identity associated with an item using the existing Get and List item APIs by adding include=defaultIdentity to the request, which returns defaultIdentity in the response.

GET https://api.fabric.microsoft.com/v1/workspaces/{workspaceId}/items/{itemId}?include=defaultIdentity

GET https://api.fabric.microsoft.com/v1/workspaces/{workspaceId}/items?include=defaultIdentity

If you’re a Fabric Administrator, you can also use the admin Get item APIs to view associated identity information across workspaces.

GET https://api.fabric.microsoft.com/v1/admin/workspaces/{workspaceId}/items/{itemId}

Figure: Get Item API response includes defaultIdentity along with other item details.
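The following is an added example, not code from the original post or from Microsoft: it audits a List items response for in-scope items still tied to a user principal and pairs each with the assign URL shown above. The shape of defaultIdentity (a "type" field whose value is "User" for user principals) and the sample response are assumptions constructed for illustration.

```python
import json

BASE = "https://api.fabric.microsoft.com/v1"
IN_SCOPE_TYPES = {"Lakehouse", "Eventstream"}  # item types in scope per the post

def list_items_url(workspace_id):
    """List items URL from the post, requesting defaultIdentity."""
    return f"{BASE}/workspaces/{workspace_id}/items?include=defaultIdentity"

def assign_url(workspace_id, item_id):
    """POST target from the post; the request body is not shown there."""
    return (f"{BASE}/workspaces/{workspace_id}/items/{item_id}"
            "/identities/default/assign?beta=true")

def user_bound_items(workspace_id, list_response):
    """Return in-scope items whose associated identity is a user principal."""
    findings = []
    for item in list_response.get("value", []):
        if item.get("type") not in IN_SCOPE_TYPES:
            continue  # identity association is not in preview for this type
        identity = item.get("defaultIdentity") or {}
        # ASSUMPTION: user principals are reported with type == "User".
        if identity.get("type") == "User":
            findings.append({
                "id": item["id"],
                "name": item.get("displayName"),
                "assign": assign_url(workspace_id, item["id"]),
            })
    # Eventstreams using Azure Events or Fabric Events sources are excluded
    # from the preview; the list response alone cannot tell them apart, so
    # check flagged Eventstreams separately.
    return findings

# Constructed sample data (placeholder ids, hypothetical identity shape).
SAMPLE_WORKSPACE = "11111111-1111-1111-1111-111111111111"
SAMPLE_RESPONSE = json.loads("""
{"value": [
  {"id": "item-0001", "type": "Lakehouse", "displayName": "sales_lh",
   "defaultIdentity": {"type": "User", "displayName": "Former Owner"}},
  {"id": "item-0002", "type": "Lakehouse", "displayName": "ops_lh",
   "defaultIdentity": {"type": "ServicePrincipal", "displayName": "fabric-sp"}},
  {"id": "item-0003", "type": "Eventstream", "displayName": "clicks_es",
   "defaultIdentity": {"type": "User", "displayName": "Analyst"}},
  {"id": "item-0004", "type": "Notebook", "displayName": "scratch",
   "defaultIdentity": {"type": "User", "displayName": "Analyst"}}
]}
""")

if __name__ == "__main__":
    for f in user_bound_items(SAMPLE_WORKSPACE, SAMPLE_RESPONSE):
        print(f["id"], f["name"], f["assign"])
```
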

Learn more in Manage identities associated with Fabric items.

If you have any suggestions for further enhancements to this feature, please share your ideas on Microsoft Fabric Ideas.